Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.

Last week, there were 405 vulnerabilities disclosed in 356 WordPress Plugins and 15 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 24,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• User Registration & Membership <= 4.1.1 – Unauthenticated Privilege Escalation
• User Registration & Membership <= 4.1.2 – Authentication Bypass
• WAF-RULE-817 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
Nabil Irawan	55
muhammad yudha	30
LVT-tholv2k	24
Trương Hữu Phúc (truonghuuphuc)	23
Skalucy	21
Peter Thaleikis	20
Nguyen Xuan Chien	19
Nguyen Xuan Chien	19
stealthcopter	18
johska	15
0xd4rk5id3	13
Abdi Pranata	11
timomangcut	10
astra.r3verii	9
Le Ngoc Anh	8
mikemyers	7
theviper17y	7
Rafie Muhammad	5
Avraham Shemesh	5
Phan Trong Quan	5
João Pedro Soares de Alcântara	5
Psai	4
Phat RiO - BlueRock	4
HayMiz	4
zaim	4
kuteminh11	4
Prissy	3
Webula	2
Truoc Phan	2
kr0d	2
Arkadiusz Hydzik	2
Ananda Dhakal	2
wesley (wcraft)	2
David Ojeda Guijarro	2
Dimas Maulana	2
domiee13	2
Krzysztof Zając	2
SOPROBRO	2
Nguyễn Trung Kiên	2
Falgun Patel	1
sterva	1
Marek Mikita	1
zer0gh0st	1
m3ssap0	1
István Márton	1
Gab	1
omstaendlig	1
SteveSec	1
Francesco Carlucci	1
Luciano Hanna	1
zhuxuan wu	1
shaman0x01	1
Abdi	1
Webbernaut	1
Muhamad Visat	1
Khang Duong	1
Revan Arifio	1
Françoa Taffarel	1
Michael	1
Kévin Mosbahi (Mika)	1
Lucio Sá	1
Dhabaleshwar Das	1
Nguyen Vuong Quoc	1
Pham Van Tam	1
Nguyen Khanh Hao	1
SavPhill (Savphill)	1
ayato	1
lucky_buddy	1
Hoang Phuc Vo (HrxKnight)	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Accounting for WooCommerce <= 1.6.8 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-30835

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Accounting for WooCommerce

Researcher

Dimas Maulana

More Details >

Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-2266

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Checkout Mestres do WP for WooCommerce

Researcher

kr0d

More Details >

Essential Real Estate <= 5.2.0 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-30849

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Essential Real Estate

Researcher

LVT-tholv2k

More Details >

Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-2332

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
=== Export All Posts, Products, Orders, Refunds & Users

Researcher

Webbernaut

More Details >

InstaWP Connect <= 0.1.0.82 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-31387

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
InstaWP Connect – 1-click WP Staging & Migration

Researcher

Dimas Maulana

More Details >

JS Help Desk <= 2.9.2 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-30901

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-2294

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Kubio AI Page Builder

Researcher

mikemyers

More Details >

Material Dashboard <= 1.4.5 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-31095

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Material Dashboard

Researcher

LVT-tholv2k

More Details >

Multiple Shipping And Billing Address For Woocommerce <= 1.5 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-31087

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Multiple Shipping And Billing Address For Woocommerce

Researcher

Le Ngoc Anh

More Details >

postMash Custom – custom post order <= 1.0.3 - Unauthenticated SQL Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-30622

Patch Status
Unpatched

Published
Mar 26, 2025

Affected Software
PostMash Custom – custom post order

Researcher

timomangcut

More Details >

Rapyd Payment Extension for WooCommerce <= 1.1.9 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-30618

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
rapyd-payments

Researcher

astra.r3verii

More Details >

Sunshine Photo Cart <= 3.4.10 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-31084

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Sunshine Photo Cart: Free Client Photo Galleries for Photographers

Researcher

João Pedro Soares de Alcântara

More Details >

Traveler <= 3.1.8 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-26873

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Travel Booking WordPress Theme

Researcher

Rafie Muhammad

More Details >

User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-2563

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile

Researcher

wesley (wcraft)

More Details >

WP Travel Engine <= 6.3.5 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-30870

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software

Researcher

LVT-tholv2k

More Details >

CM Download Manager <= 2.9.6 - Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2025-30910

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
CM Download Manager – Simplify file sharing with powerful download management

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

JS Help Desk <= 2.9.2 - Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2025-30878

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

LVT-tholv2k

More Details >

Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-2815

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Administrator Z

Researcher

kr0d

More Details >

Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-2328

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Drag and Drop Multiple File Upload for Contact Form 7

Researcher

Phat RiO - BlueRock

More Details >

EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-2319

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
EZ SQL Reports Shortcode Widget and DB Backup

Researcher

lucky_buddy

More Details >

Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-2006

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Inline Image Upload for BBPress

Researcher

muhammad yudha

More Details >

JetWooBuilder <= 2.1.18 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-31016

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
JetWooBuilder for Elementor

Researcher

stealthcopter

More Details >

Login Widget for Ultimate Member <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30890

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Login Widget for Ultimate Member

Researcher

muhammad yudha

More Details >

MDJM Event Management <= 1.7.5.2 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-31074

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
MDJM Event Management

Researcher

LVT-tholv2k

More Details >

Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-31432

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Pop-Up Chop Chop

Researcher

Nguyen Xuan Chien

More Details >

Restaurant Menu by MotoPress <= 2.4.4 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30846

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Restaurant Menu and Food Ordering

Researcher

muhammad yudha

More Details >

RomethemeKit For Elementor <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30911

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
RomethemeKit For Elementor

Researcher

Rafie Muhammad

More Details >

SoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-2249

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
SoJ SoundSlides

Researcher

Hoang Phuc Vo (HrxKnight)

More Details >

Subscribe to Download Lite <= 1.2.9 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30785

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin

Researcher

LVT-tholv2k

More Details >

Subscribe to Download Lite <= 1.2.9 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30782

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin

Researcher

LVT-tholv2k

More Details >

Team Manager <= 2.1.23 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30868

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Team Manager – Team Member Showcase with grid, slider, table Elementor widget & shortcode

Researcher

LVT-tholv2k

More Details >

The Pack Elementor addons <= 2.1.1 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30845

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)

Researcher

LVT-tholv2k

More Details >

The Post Grid <= 7.7.17 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30814

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

Researcher

LVT-tholv2k

More Details >

Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30831

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Themify Event Post

Researcher

LVT-tholv2k

More Details >

Visual Text Editor <= 1.2.1 - Authenticated (Contributor+) Remote Code Execution

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-28893

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Visual Text Editor

Researcher

theviper17y

More Details >

WishSuite <= 1.4.4 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30820

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WishSuite – Wishlist for WooCommerce

Researcher

LVT-tholv2k

More Details >

WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-2110

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
WP Compress – Instant Performance & Speed Optimization

Researcher

mikemyers

More Details >

WP e-Commerce Style Email <= 0.6.2 - Cross-Site Request Forgery to Remote Code Execution

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30615

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP e-Commerce Style Email

Researcher

0xd4rk5id3

More Details >

WP Travel Engine <= 6.3.5 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30871

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software

Researcher

LVT-tholv2k

More Details >

WPC Smart Upsell Funnel for WooCommerce <= 3.0.4 - Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30772

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WPC Smart Upsell Funnel for WooCommerce

Researcher

LVT-tholv2k

More Details >

WPCafe <= 2.2.31 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30829

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
**WPCafe: Food Menu, Ordering, Reservation, and Delivery Solution – All in One Place!**

Researcher

LVT-tholv2k

More Details >

WpEvently <= 4.2.9 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30895

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Researcher

LVT-tholv2k

More Details >

WpTravelly <= 1.8.7 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-30891

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Researcher

LVT-tholv2k

More Details >

Product Catalog – Catalog for WordPress <= 1.0.4 - Unauthenticated SQL Injection

8.6

CVSS Rating
High (8.6)

CVE-ID
CVE-2025-30524

Patch Status
Unpatched

Published
Mar 25, 2025

Affected Software
Product Catalog – Catalog for WordPress

Researcher

Phan Trong Quan

More Details >

BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2024-13801

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
BWL Advanced FAQ Manager

Researcher

Lucio Sá

More Details >

Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2025-2007

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Import Export Suite for CSV and XML Datafeed

Researcher

mikemyers

More Details >

Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

7.6

CVSS Rating
High (7.6)

CVE-ID
CVE-2025-1912

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite

Researcher

HayMiz

More Details >

Ads by WPQuads <= 2.0.87.1 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-30876

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads

Researcher

astra.r3verii

More Details >

Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-2485

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Drag and Drop Multiple File Upload for Contact Form 7

Researcher

Phat RiO - BlueRock

More Details >

Houzez Property Feed <= 2.5.4 - Unauthenticated Arbitrary File Download

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-30793

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
Houzez Property Feed

Researcher

0xd4rk5id3

More Details >

JS Help Desk <= 2.9.1 - Unauthenticated Arbitrary File Download

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-30882

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

LVT-tholv2k

More Details >

JS Help Desk <= 2.9.2 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-30886

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

LVT-tholv2k

More Details >

Quiz Maker <= 6.6.8.7 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-30774

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
Quiz Maker Business

Researcher

astra.r3verii

More Details >

Traveler <= 3.1.8 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-26898

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Travel Booking WordPress Theme

Researcher

Rafie Muhammad

More Details >

Web Directory Free <= 1.7.6 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-28904

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
Web Directory Free

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

WP Multistore Locator <= 2.5.2 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-28898

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2025-1514

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables 

Researcher

Arkadiusz Hydzik

More Details >

So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2025-2803

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
So-Called Air Quotes

Researcher

Avraham Shemesh

More Details >

AliNext <= 3.5.1 - Open Redirect

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-30859

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
AliExpress Dropshipping Plugin for WooCommerce – AliNext

Researcher

Le Ngoc Anh

More Details >

Automation By Autonami <= 3.5.1 - Open Redirect

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-30795

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

Researcher

Le Ngoc Anh

More Details >

Bit Form – Contact Form Plugin <= 2.18.0 - Open Redirect

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-30885

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

Researcher

Le Ngoc Anh

More Details >

Bit Integrations <= 2.4.10 - Open Redirect

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-30884

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Webhook Automator & Contact Form Integration to Automate 280+ Platforms – Bit Integrations

Researcher

Le Ngoc Anh

More Details >

Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-2009

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Newsletters

Researcher

m3ssap0

More Details >

Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-1913

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite

Researcher

HayMiz

More Details >

Scheduled & Automatic Order Status Controller for WooCommerce <= 3.7.1 - Open Redirect

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-30781

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Scheduled & Automatic Order Status Controller for WooCommerce

Researcher

Le Ngoc Anh

More Details >

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-2257

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Researcher

sterva

More Details >

TranslatePress <= 2.9.6 - Authenticated (Administrator+) PHP Object Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-30773

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Translate Multilingual sites – TranslatePress

Researcher

Ananda Dhakal

More Details >

WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-13889

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
WordPress Importer

Researcher

Francesco Carlucci

More Details >

WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-13690

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Church Donation

Researcher

johska

More Details >

Custom Field For WP Job Manager <= 1.4 - Cross-Site Request Forgery

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30856

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Custom Field For WP Job Manager

Researcher

Skalucy

More Details >

Duplicate Page and Post <= 1.0 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-31466

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Duplicate Page and Post

Researcher

domiee13

More Details >

Flickr set slideshows <= 0.9 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30590

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Flickr set slideshows

Researcher

timomangcut

More Details >

Flickr set slideshows <= 0.9 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30589

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Flickr set slideshows

Researcher

timomangcut

More Details >

Include URL <= 0.3.5 - Authenticated (Contributor+) Arbitrary File Download

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30594

Patch Status
Unpatched

Published
Mar 29, 2025

Affected Software
Include URL

Researcher

timomangcut

More Details >

Jobs for WordPress <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-1310

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Job Postings

Researcher

Arkadiusz Hydzik

More Details >

Lead Form Data Collection to CRM <= 3.0.1 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30810

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Lead Form Data Collection to CRM

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Navigation Tree Elementor <= 1.0.1 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30562

Patch Status
Unpatched

Published
Mar 25, 2025

Affected Software
Navigation Tree Elementor

Researcher

timomangcut

More Details >

SEO Plugin by Squirrly SEO <= 12.4.03 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-22783

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
SEO Plugin by Squirrly SEO

Researcher

Webula

More Details >

Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-13557

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Shortcodes by United Themes

Researcher

mikemyers

More Details >

Shuffle <= 0.5 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-28873

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Shuffle

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Simple Giveaways <= 2.48.1 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30819

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Simple Giveaways – Grow your business, email lists and traffic with contests

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Vimeotheque <= 2.3.4.2 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30806

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Vimeotheque: Vimeo WordPress Plugin

Researcher

Phat RiO - BlueRock

More Details >

WP Featured Entries <= 1.0 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30569

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Featured Entries

Researcher

timomangcut

More Details >

WP Subscription Forms <= 1.2.3 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30784

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP Subscription Forms – Subscription Form Plugin for WordPress

Researcher

LVT-tholv2k

More Details >

WPGuppy <= 1.1.3 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-30775

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
One to one user Chat by WPGuppy

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-1437

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Advanced iFrame

Researcher

Luciano Hanna

More Details >

Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-1439

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Advanced iFrame

Researcher

omstaendlig

More Details >

Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-2302

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Advanced Woo Search

Researcher

muhammad yudha

More Details >

Alert Box Block – Display notice/alerts in the front end <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13731

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Alert Box Block – Display notice/alerts in the front end.

Researchers

Nguyen Vuong Quoc

Pham Van Tam

Nguyen Khanh Hao

More Details >

Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-2573

Patch Status
Unpatched

Published
Mar 25, 2025

Affected Software
Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer)

Researcher

Avraham Shemesh

More Details >

ARPrice <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26731

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
ARPrice - WordPress Pricing Table Plugin

Researcher

Nguyễn Trung Kiên

More Details >

Audio Album <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30780

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Audio Album

Researcher

muhammad yudha

More Details >

AuraMart <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26922

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
AuraMart

Researcher

stealthcopter

More Details >

Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-2576

Patch Status
Unpatched

Published
Mar 25, 2025

Affected Software
Ayyash Studio — The kick-start kit

Researcher

Avraham Shemesh

More Details >

Better Section Navigation Widget <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31465

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Better Section Navigation

Researcher

muhammad yudha

More Details >

Build <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26869

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Build

Researcher

stealthcopter

More Details >

Charitable <= 1.8.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30770

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More

Researcher

muhammad yudha

More Details >

Churel <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31419

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Churel

Researcher

stealthcopter

More Details >

City Store <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26737

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
City Store

Researcher

stealthcopter

More Details >

Click to Chat – WP Support All-in-One Floating Widget <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31092

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Click to Chat – WP Support All-in-One Floating Widget

Researcher

Gab

More Details >

Clink <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30566

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Clink – WordPress Link Manager

Researcher

muhammad yudha

More Details >

Cost Calculator Builder <= 3.2.65 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31414

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
Cost Calculator Builder

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Cozy Blocks <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30838

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Cozy Blocks – Page Builder for Gutenberg & Site Editor with Post Blocks, WooCommerce Blocks, Magazine Blocks & WordPress Gutenberg Blocks

Researcher

Prissy

More Details >

CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13702

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
CRM and Lead Management by vcita

Researcher

muhammad yudha

More Details >

DesignThemes Core Features <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-0845

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
DesignThemes Core Features

Researcher

István Márton

More Details >

DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-12623

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
DICOM Support

Researcher

Peter Thaleikis

More Details >

Doneren met Mollie <= 2.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30779

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Doneren met Mollie

Researcher

muhammad yudha

More Details >

Dr. Flex <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30850

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Dr. Flex

Researcher

stealthcopter

More Details >

Dropdown Multisite selector < 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31090

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Dropdown multisite selector

Researcher

muhammad yudha

More Details >

ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-11180

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
ElementsKit Elementor Addons and Templates

Researcher

zer0gh0st

More Details >

EO4WP <= 1.0.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30763

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
EO4WP: EmailOctopus for WordPress

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Fiverr.com Official Search Box <= 1.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-28885

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Fiverr.com Official Search Box

Researcher

Abdi Pranata

More Details >

FormLift for Infusionsoft Web Forms <= 7.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31434

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
FormLift for Infusionsoft Web Forms

Researcher

muhammad yudha

More Details >

Gallery for Social Photo <= 1.0.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26742

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Gallery for Social Photo

Researcher

muhammad yudha

More Details >

GMO Font Agent <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30553

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Plugin Name: GMO Font Agent

Researcher

theviper17y

More Details >

Greenshift <= 11.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30873

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Greenshift – animation and page builder blocks

Researcher

Peter Thaleikis

More Details >

Gum Elementor Addon <= 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30800

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Gum Elementor Addon

Researcher

Prissy

More Details >

Happy Addons for Elementor <= 3.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30766

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Happy Addons for Elementor

Researcher

stealthcopter

More Details >

Hester <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26734

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Hester

Researcher

stealthcopter

More Details >

IG Shortcodes <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30597

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
IG Shortcodes

Researcher

timomangcut

More Details >

Include URL <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30593

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Include URL

Researcher

timomangcut

More Details >

include-file <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30595

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
include-file

Researcher

timomangcut

More Details >

IP Locator <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30826

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
IP Locator

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

jAlbum Bridge <= 2.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30818

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
jAlbum Bridge

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

jAlbum Bridge <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30768

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
jAlbum Bridge

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

JetBlocks For Elementor <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30987

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
JetBlocks for Elementor

Researcher

stealthcopter

More Details >

JetProductGallery <= 2.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31412

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
JetProductGallery

Researcher

stealthcopter

More Details >

JetSearch <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31043

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
JetSearch

Researcher

stealthcopter

More Details >

JetSmartFilters <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30963

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
JetSmartFilters for Elementor

Researcher

stealthcopter

More Details >

LatePoint <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30836

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
LatePoint – Calendar Booking Plugin for Appointments and Events

Researcher

Peter Thaleikis

More Details >

LeadConnector <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30893

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
LeadConnector

Researcher

Peter Thaleikis

More Details >

Leaky Paywall <= 4.21.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31083

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Leaky Paywall

Researcher

muhammad yudha

More Details >

Listamester <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30813

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Listamester

Researcher

theviper17y

More Details >

Magic Embeds <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31433

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Magic Embeds

Researcher

muhammad yudha

More Details >

MicroPayments <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31075

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet

Researcher

muhammad yudha

More Details >

MorningTime Lite <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26736

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
MorningTime Lite

Researcher

stealthcopter

More Details >

newseqo <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26739

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
newseqo

Researcher

Michael

More Details >

Nmedia MailChimp <= 5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30613

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
N-Media MailChimp Subscription

Researcher

Skalucy

More Details >

Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30860

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Off-Canvas Sidebars & Menus (Slidebars)

Researcher

muhammad yudha

More Details >

Paid Member Subscriptions <= 2.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31088

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Researcher

muhammad yudha

More Details >

persian-woocommerce-shipping <= 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30898

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری)

Researcher

Peter Thaleikis

More Details >

PostX <= 4.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31096

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

Researcher

Peter Thaleikis

More Details >

Pretty file links <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30551

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Pretty file links

Researcher

theviper17y

More Details >

Quick Interest Slider <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26738

Patch Status
Unpatched

Published
Mar 25, 2025

Affected Software
Quick Interest Slider

Researcher

muhammad yudha

More Details >

Quotes llama <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30786

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Quotes llama

Researcher

muhammad yudha

More Details >

RainbowNews <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26747

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
RainbowNews

Researcher

stealthcopter

More Details >

RPS Include Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31093

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
RPS Include Content

Researcher

muhammad yudha

More Details >

SearchIQ <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30867

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
SearchIQ – The Search Solution

Researcher

muhammad yudha

More Details >

SecuPress Free <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30907

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
SecuPress Free — WordPress Security

Researcher

zaim

More Details >

Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30922

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Simplebooklet PDF Viewer and Embedder

Researcher

zaim

More Details >

Sitekit <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30776

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Sitekit

Researcher

muhammad yudha

More Details >

SKT Addons for Elementor <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30812

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
SKT Addons for Elementor

Researcher

Prissy

More Details >

Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-1784

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Spectra Gutenberg Blocks – Website Builder for the Block Editor

Researcher

Peter Thaleikis

More Details >

StoreBiz <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-26732

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
StoreBiz

Researcher

stealthcopter

More Details >

Structured Content <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30918

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Structured Content (JSON-LD) #wpsc

Researcher

Peter Thaleikis

More Details >

SyntaxHighlighter Evolved <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30903

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
SyntaxHighlighter Evolved

Researcher

Peter Thaleikis

More Details >

TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-2685

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
TablePress – Tables in WordPress made easy

Researcher

SavPhill (Savphill)

More Details >

The Pack Elementor addons <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30925

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)

Researcher

João Pedro Soares de Alcântara

More Details >

Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30832

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Themify Event Post

Researcher

LVT-tholv2k

More Details >

Toggle Box <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31450

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Toggle Box

Researcher

muhammad yudha

More Details >

Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-1312

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Ultimate Blocks – WordPress Blocks Plugin

Researcher

zaim

More Details >

Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31077

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Ultimate Blocks – WordPress Blocks Plugin

Researcher

zaim

More Details >

Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-1703

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Ultimate Blocks – WordPress Blocks Plugin

Researcher

Peter Thaleikis

More Details >

Unlimited <= 1.45 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31073

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Unlimited

Researcher

stealthcopter

More Details >

wBounce <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31451

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
wBounce

Researcher

muhammad yudha

More Details >

Whitish Lite <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22278

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Whitish Lite

Researcher

stealthcopter

More Details >

WP Cassify <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30771

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
WP Cassify

Researcher

muhammad yudha

More Details >

WP Compress for MainWP <= 6.30.03 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31076

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
WP Compress for MainWP

Researcher

theviper17y

More Details >

WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30920

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP Posts Carousel

Researcher

Peter Thaleikis

More Details >

WP Posts Carousel <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31094

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
WP Posts Carousel

Researcher

astra.r3verii

More Details >

WP Social Widget <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30610

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Social Widget

Researcher

muhammad yudha

More Details >

WP Ultimate Search <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31452

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
WP Ultimate Search

Researcher

muhammad yudha

More Details >

Your Simple SVG Support <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-2542

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
Your Simple SVG Support

Researcher

Avraham Shemesh

More Details >

YouTube SimpleGallery <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-31453

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
YouTube SimpleGallery

Researcher

muhammad yudha

More Details >

Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13411

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Zapier for WordPress

Researcher

shaman0x01

More Details >

Zoho Billing – Embed Payment Form <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-30900

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Zoho Billing – Embed Payment Form

Researcher

muhammad yudha

More Details >

PDF for WPForms <= 5.3.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

6.3

CVSS Rating
Medium (6.3)

CVE-ID
CVE-2025-30767

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
PDF for WPForms + Drag and Drop Template Builder

Researcher

theviper17y

More Details >

About Author <= 1.6.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30808

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
About Author

Researcher

0xd4rk5id3

More Details >

AdSense Privacy Policy <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30578

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
AdSense Privacy Policy

Researcher

Skalucy

More Details >

Advanced Post Search <= 1.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30548

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Advanced Post Search

Researcher

0xd4rk5id3

More Details >

AEC Kiosque <= 1.9.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30902

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
AEC Kiosque

Researcher

stealthcopter

More Details >

AlphaOmega Captcha & Anti-Spam Filter <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30584

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
AlphaOmega Captcha & Anti-Spam Filter

Researcher

Nabil Irawan

More Details >

ANAC XML Render <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30558

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
ANAC XML Render

Researcher

Abdi Pranata

More Details >

Arrow Maps <= 1.0.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28858

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Arrow Maps – Custom Maps for WordPress

Researcher

Abdi Pranata

More Details >

banner-manager <= 16.04.19 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30565

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
banner-manager

Researcher

Nguyen Xuan Chien

More Details >

Better WishList API <= 1.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30798

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Better WishList API

Researcher

0xd4rk5id3

More Details >

Blue Captcha <= 1.7.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28880

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Blue Captcha

Researcher

Le Ngoc Anh

More Details >

Breezing Forms <= 1.2.8.11 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30520

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Breezing Forms

Researcher

Nguyen Xuan Chien

More Details >

Browser Address Bar Color <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30577

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Browser Address Bar Color

Researcher

Skalucy

More Details >

CallPhone'r <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30550

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
CallPhone'r

Researcher

Nabil Irawan

More Details >

CAS Maestro <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30561

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
CAS Maestro

Researcher

Nguyen Xuan Chien

More Details >

Cazamba <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-25100

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Cazamba

Researcher

SOPROBRO

More Details >

Contact Form 7 Material Design <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30522

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Contact Form 7 Material Design

Researcher

Skalucy

More Details >

CopyLink <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30603

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
CopyLink

Researcher

Nabil Irawan

More Details >

cTabs <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30586

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
cTabs

Researcher

Abdi Pranata

More Details >

Custom Product Stickers for Woocommerce <= 1.9.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28889

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Custom Product Stickers for Woocommerce

Researcher

0xd4rk5id3

More Details >

Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-2635

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
Digital License Manager

Researcher

Peter Thaleikis

More Details >

Driving Directions <= 1.4.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28903

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Driving Directions

Researcher

johska

More Details >

Event Tickets <= 5.20.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30794

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Event Tickets and Registration

Researcher

João Pedro Soares de Alcântara

More Details >

EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30787

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
EZ SQL Reports Shortcode Widget and DB Backup

Researcher

Nabil Irawan

More Details >

Google Font Fix <= 2.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30614

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Google Font Fix

Researcher

Skalucy

More Details >

Hostel <= 1.1.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30848

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Hostel

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Hostel <= 1.1.5.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-31102

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Hostel

Researcher

johska

More Details >

Image Wall <= 3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30869

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Image Wall

Researcher

0xd4rk5id3

More Details >

jQuery Dropdown Menu <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30560

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
jQuery Dropdown Menu

Researcher

Nguyen Xuan Chien

More Details >

Kento WordPress Stats <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30559

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Kento WordPress Stats

Researcher

Abdi Pranata

More Details >

Key4ce osTicket Bridge <= 1.4.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28877

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Key4ce osTicket Bridge

Researcher

johska

More Details >

LH OGP Meta <= 1.73 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30587

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
LH OGP Meta

Researcher

Abdi Pranata

More Details >

Lightview Plus <= 3.1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28890

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Lightview Plus

Researcher

johska

More Details >

Map Contact <= 3.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30588

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Map Contact

Researcher

Abdi Pranata

More Details >

MediaView <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-2481

Patch Status
Unpatched

Published
Mar 26, 2025

Affected Software
MediaView

Researcher

johska

More Details >

NextGEN Gallery Voting <= 2.7.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28869

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
NextGEN Gallery Voting

Researcher

johska

More Details >

OK Poster Group <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30544

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
OK Poster Group

Researcher

0xd4rk5id3

More Details >

Omnify <= 2.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28882

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Omnify – The Best Scheduling Widgets for WordPress

Researcher

Abdi Pranata

More Details >

OmniLeads Scripts and Tags Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-31460

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
OmniLeads Scripts and Tags Manager

Researcher

Skalucy

More Details >

Pesapal Gateway for Woocommerce <= 2.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30579

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Pesapal Gateway for Woocommerce

Researcher

Nguyen Xuan Chien

More Details >

Primer MyData for Woocommerce < 4.2.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30924

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Primer MyData for Woocommerce

Researcher

João Pedro Soares de Alcântara

More Details >

Pro Rank Tracker <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30583

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Pro Rank Tracker

Researcher

Abdi Pranata

More Details >

Quick Localization <= 0.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30607

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Quick Localization (Quick Localisation)

Researcher

Nguyen Xuan Chien

More Details >

Related Posts via Categories <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30602

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Related Posts via Categories

Researcher

Nabil Irawan

More Details >

Replace Default Words <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30612

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Replace Default Words

Researcher

Skalucy

More Details >

Secret Meta <= 1.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-25086

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Secret Meta

Researcher

SOPROBRO

More Details >

SH Email Alert <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-2165

Patch Status
Unpatched

Published
Mar 25, 2025

Affected Software
SH Email Alert

Researcher

johska

More Details >

ShowTime Slideshow <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-31444

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
ShowTime Slideshow

Researcher

Skalucy

More Details >

Simple Rating <= 1.4 - Cross-Site Request Forgery

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30572

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Simple Rating

Researcher

Nabil Irawan

More Details >

SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30917

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
SKU Generator for WooCommerce

Researcher

Peter Thaleikis

More Details >

Smart Maintenance Mode <= 1.5.2 - Reflected Cross-Site Scripting via setstatus Parameter

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-1490

Patch Status
Unpatched

Published
Mar 25, 2025

Affected Software
Smart Maintenance Mode

Researcher

Krzysztof Zając

More Details >

Store Locator Widget <= 2025r2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30919

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Store Locator Widget

Researcher

Abdi

More Details >

tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-1705

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
tagDiv Composer

Researcher

Truoc Phan

More Details >

tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username'

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-2804

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
tagDiv Composer

Researcher

Truoc Phan

More Details >

Teleport <= 1.2.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28855

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Teleport

Researcher

Abdi Pranata

More Details >

Terms of Use <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-31440

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Terms of Use

Researcher

Skalucy

More Details >

The Ultimate WordPress Toolkit – WP Extended <= 3.0.14 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30796

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
The Ultimate WordPress Toolkit – WP Extended

Researcher

Le Ngoc Anh

More Details >

The Visitor Counter <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-31449

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
The Visitor Counter Plugin

Researcher

Nguyen Xuan Chien

More Details >

Tidekey <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30563

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Tidekey

Researcher

Nguyen Xuan Chien

More Details >

Translator <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30621

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Translator

Researcher

Nguyen Xuan Chien

More Details >

Video Embedder <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-31458

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Video Embedder

Researcher

Nguyen Xuan Chien

More Details >

WIP WooCarousel Lite <= 1.1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30769

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
WIP WooCarousel Lite

Researcher

Nguyen Xuan Chien

More Details >

WooCommerce Fattureincloud <= 2.6.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30837

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WooCommerce Fattureincloud

Researcher

Nguyen Xuan Chien

More Details >

WordPress SQL Backup <= 3.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30608

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WordPress SQL Backup

Researcher

johska

More Details >

WP Cards <= 1.5.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30547

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
WP Cards

Researcher

0xd4rk5id3

More Details >

WP Colorful Tag Cloud <= 2.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28865

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Colorful Tag Cloud

Researcher

Nguyen Xuan Chien

More Details >

WP Event Ticketing <= 1.3.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-28899

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Event Ticketing

Researcher

johska

More Details >

WP Odoo Form Integrator <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30620

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Odoo Form Integrator

Researcher

Nguyen Xuan Chien

More Details >

WP2LEADS <= 3.4.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30827

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden

Researcher

johska

More Details >

xili-dictionary <= 2.12.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30840

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
xili-dictionary

Researcher

0xd4rk5id3

More Details >

Yummly Rich Recipes <= 4.2 - Cross-Site Request Forgery

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-30549

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Yummly Rich Recipes

Researcher

Nabil Irawan

More Details >

Bit Assist <= 1.5.4 - Unauthenticated Path Traversal

5.8

CVSS Rating
Medium (5.8)

CVE-ID
CVE-2025-30834

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button – Bit Assist

Researcher

Falgun Patel

More Details >

WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

5.8

CVSS Rating
Medium (5.8)

CVE-ID
CVE-2025-2109

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
WP Compress – Instant Performance & Speed Optimization

Researcher

mikemyers

More Details >

Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure

5.7

CVSS Rating
Medium (5.7)

CVE-ID
CVE-2025-2228

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates

Researcher

wesley (wcraft)

More Details >

AI Preloader <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-30530

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
AI Preloader

Researcher

Nabil Irawan

More Details >

Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-2510

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Frndzk Expandable Bottom Bar

Researcher

johska

More Details >

Login Redirect <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-30575

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Login Redirect

Researcher

Nabil Irawan

More Details >

Message ticker <= 9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-30533

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Message ticker

Researcher

Nabil Irawan

More Details >

Metform <= 3.9.2 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-30914

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

Researcher

Marek Mikita

More Details >

My Bootstrap Menu <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-30527

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
My Bootstrap Menu

Researcher

Nabil Irawan

More Details >

Page Takeover <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-31470

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Page Takeover

Researcher

Nabil Irawan

More Details >

VaultRE Contact Form 7 <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-31101

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
VaultRE Contact Form 7

Researcher

Psai

More Details >

Weather Layer <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-30532

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Weather Layer

Researcher

Nabil Irawan

More Details >

WP Parallax Content Slider <= 0.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-30599

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Parallax Content Slider

Researcher

Nabil Irawan

More Details >

WP-OGP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2025-31437

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
WP-OGP

Researcher

Nabil Irawan

More Details >

Event post <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2025-2167

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Event post

Researcher

Peter Thaleikis

More Details >

Support Genix <= 1.4.11 - Authenticated (Subscriber+) Insecure Direct Object Reference

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2025-30777

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Support Genix – Helpdesk & Customer Support Ticket System

Researcher

astra.r3verii

More Details >

Ads by WPQuads <= 2.0.87.1 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30855

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads

Researcher

astra.r3verii

More Details >

Advanced Dewplayer <= 1.6 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30592

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Advanced Dewplayer

Researcher

0xd4rk5id3

More Details >

Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-2074

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Advanced Google reCAPTCHA

Researcher

Muhamad Visat

More Details >

Advanced iFrame <= 2024.5 - Unauthenticated Settings Update

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-1440

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Advanced iFrame

Researcher

Peter Thaleikis

More Details >

AppExperts <= 1.4.3 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30609

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps

Researcher

Phan Trong Quan

More Details >

Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-2578

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Booking for Appointments and Events Calendar – Amelia

Researcher

zhuxuan wu

More Details >

Chatbox Manager <= 1.2.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30790

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Chatbox Manager

Researcher

Nabil Irawan

More Details >

Clear Sucuri Cache <= 1.4 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-31469

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Clear Sucuri Cache

Researcher

Nabil Irawan

More Details >

Cool Author Box <= 2.9.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30830

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Cool Author Box – For Widget and Post Content

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-2840

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
DAP to Autoresponders Email Syncing

Researcher

Avraham Shemesh

More Details >

Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-2224

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings

Researcher

mikemyers

More Details >

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-2252

Patch Status
Patched

Published
Mar 24, 2025

Affected Software
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Researcher

Françoa Taffarel

More Details >

Greek Multi Tool – Fix peralinks, accents, auto create menus and more <= 2.3.1 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30797

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Greek Multi Tool – Ultimate Greek Language Toolkit for WordPress

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

JS Help Desk <= 2.9.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30880

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

LVT-tholv2k

More Details >

LearnPress <= 4.2.7.5 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22739

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
LearnPress – WordPress LMS Plugin

Researcher

David Ojeda Guijarro

More Details >

Live Forms <= 4.8.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30809

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Contact Form, Drag and Drop Form Builder Plugin – Live Forms

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Music Press Pro <= 1.4.6 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30591

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Music Press Pro

Researcher

0xd4rk5id3

More Details >

Sensei LMS <= 4.24.4 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22740

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Sensei LMS – Online Courses, Quizzes, & Learning

Researcher

David Ojeda Guijarro

More Details >

SNORDIAN's H5PxAPIkatchu <= 0.4.14 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30821

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
SNORDIAN's H5PxAPIkatchu

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Taxi Booking Manager for WooCommerce <= 1.2.1 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30839

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab

Researcher

LVT-tholv2k

More Details >

Terms & Conditions Per Product <= 1.2.15 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30866

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Terms & Conditions Per Product

Researcher

Skalucy

More Details >

Timetics <= 1.0.29 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30828

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Appointment Booking and Scheduling Calendar Plugin – WP Timetics

Researcher

Phat RiO - BlueRock

More Details >

Top Bar <= 3.3 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30581

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Top Bar

Researcher

0xd4rk5id3

More Details >

Traveler <= 3.1.8 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-26733

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Travel Booking WordPress Theme

Researcher

Rafie Muhammad

More Details >

WpEvently <= 4.2.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-30887

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Researcher

LVT-tholv2k

More Details >

bizcalendar-web <= 1.1.0.34 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30843

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
BizCalendar Web

Researcher

Phan Trong Quan

More Details >

Cart tracking for WooCommerce <= 1.0.16 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30791

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Cart tracking for WooCommerce

Researcher

kuteminh11

More Details >

FlexStock <= 3.13.1 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30765

Patch Status
Patched

Published
Mar 26, 2025

Affected Software
Stock Sync for WooCommerce with Google Sheets | WooCommerce Bulk Edit, Stock Management, Inventory Management System & more – FlexStock

Researcher

astra.r3verii

More Details >

JiangQie Official Website Mini Program <= 1.8.2 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30604

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
ZhuiGe Official Website Mini Program

Researcher

kuteminh11

More Details >

MC Woocommerce Wishlist <= 1.8.9 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30879

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Researcher

Phan Trong Quan

More Details >

Newsletters <= 4.9.9.7 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30921

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Newsletters

Researcher

Webula

More Details >

Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-1769

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite

Researcher

HayMiz

More Details >

Slider by BestWebSoft <= 1.1.0 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-31099

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Slider by BestWebSoft

Researcher

domiee13

More Details >

STEdb Forms <= 1.0.4 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30571

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
STEdb Forms

Researcher

kuteminh11

More Details >

Super Simple Subscriptions <= 1.1.0 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30523

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Super Simple Subscriptions

Researcher

Phan Trong Quan

More Details >

WP Profitshare <= 1.4.9 - Authenticated (Editor+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30525

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Profitshare

Researcher

Nguyen Xuan Chien

More Details >

دکمه، شبکه اجتماعی خرید <= 2.0.6 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-30570

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
دکمه، شبکه اجتماعی خرید

Researcher

kuteminh11

More Details >

AvaiBook <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30540

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
AvaiBook vacation rental booking engine

Researcher

Nabil Irawan

More Details >

Beautiful Link Preview <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30536

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Beautiful Link Preview

Researcher

Nabil Irawan

More Details >

BMo Expo <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30539

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
BMo Expo – a WordPress and NextGEN Gallery plugin

Researcher

Nabil Irawan

More Details >

Chartify <= 3.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30904

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Chartify – WordPress Chart Plugin

Researcher

astra.r3verii

More Details >

Clearout Email Validator <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30789

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Clearout Email Validator – Real-Time Email Verification on WordPress Forms

Researcher

Nabil Irawan

More Details >

Comment Approved Notifier Extended <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30792

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Comment Approved Notifier Extended

Researcher

Nabil Irawan

More Details >

Duplicate Page and Post <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-31471

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Duplicate Page and Post

Researcher

Nabil Irawan

More Details >

Easy Page Transition <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30606

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Easy Page Transition

Researcher

Nabil Irawan

More Details >

Flatty <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-31472

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Flatty – Flat Admin Theme

Researcher

Nabil Irawan

More Details >

issuuPress <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30545

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
issuupress

Researcher

Nabil Irawan

More Details >

Job Colors for WP Job Manager <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-31031

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Job Colors for WP Job Manager

Researcher

Psai

More Details >

Mobile Navigation <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30574

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Mobile Navigation

Researcher

Nabil Irawan

More Details >

My Default Post Content <= 0.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30573

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
My Default Post Content

Researcher

Nabil Irawan

More Details >

Novelist <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30847

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Novelist

Researcher

timomangcut

More Details >

Text Selection Color <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-31464

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Text Selection Color

Researcher

Nabil Irawan

More Details >

TGG WP Optimizer <= 1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-31463

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
TGG – WP Optimizer

Researcher

Nabil Irawan

More Details >

Upload Quota per User <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30537

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Upload Quota per User

Researcher

Nabil Irawan

More Details >

User Registration <= 4.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30899

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile

Researcher

ayato

More Details >

wA11y – The Web Accessibility Toolbox <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30623

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
wA11y – The Web Accessibility Toolbox

Researcher

Nabil Irawan

More Details >

WP Database Optimizer <= 1.2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-31473

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
WP Database Optimizer

Researcher

Nabil Irawan

More Details >

WP Google Street View <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30799

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO

Researcher

Nabil Irawan

More Details >

WP Hotjar <= 0.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30600

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Hotjar

Researcher

Nabil Irawan

More Details >

WP Weixin <= 1.3.16 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-30875

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
wp-weixin

Researcher

Nabil Irawan

More Details >

3DPrint Lite <= 2.1.3.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30865

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
3DPrint Lite

Researcher

Skalucy

More Details >

Analytify <= 5.5.1 - Missing Authorization to Authenticated (Subscriber+) Minor Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30897

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Anthologize <= 0.8.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30823

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Anthologize

Researcher

Nguyen Xuan Chien

More Details >

Auto Load Next Post <= 1.5.14 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30529

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WordPress Infinite Scroll by Auto Load Next Post

Researcher

Nabil Irawan

More Details >

Awesome Logos <= 1.2 - Cross-Site Request Forgery to SQL Injection

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30528

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Awesome Logos

Researcher

Nguyen Xuan Chien

More Details >

Big Store <= 2.0.8 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30881

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Big Store

Researcher

Peter Thaleikis

More Details >

Browser Caching with .htaccess 1.2.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31439

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Browser Caching with .htaccess

Researcher

Nguyen Xuan Chien

More Details >

Cackle <= 4.33 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30546

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Cackle

Researcher

Nabil Irawan

More Details >

Christmas Panda <= 1.0.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30842

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Christmas Panda

Researcher

Nabil Irawan

More Details >

Conversios.io <= 7.2.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30909

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Conversios: Google Analytics GA4, Google Ads, GTM & Multiple Pixel Tracking

Researcher

Ananda Dhakal

More Details >

Currency Switcher for WooCommerce <= 0.0.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30857

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Currency Switcher for WooCommerce

Researcher

Nguyen Xuan Chien

More Details >

Custom Fields Account Registration For Woocommerce <= 1.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30888

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Custom Fields Account Registration For Woocommerce

Researcher

Nguyen Xuan Chien

More Details >

Custom Login Logo <= 1.1.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30822

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Custom Login Logo

Researcher

Nguyen Xuan Chien

More Details >

Custom Script Integration <= 2.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30564

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Custom Script Integration

Researcher

Skalucy

More Details >

Easy 301 Redirects <= 1.33 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30557

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Easy 301 Redirects

Researcher

Nguyen Xuan Chien

More Details >

Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-13710

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Estatebud – Properties & Listings

Researcher

Dhabaleshwar Das

More Details >

Exchange Rates <= 1.2.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30864

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Exchange Rates

Researcher

Nguyen Xuan Chien

More Details >

External image replace <= 1.0.8 - Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30535

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
External image replace

Researcher

Nabil Irawan

More Details >

EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30788

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
EZ SQL Reports Shortcode Widget and DB Backup

Researcher

Nabil Irawan

More Details >

Five Star Restaurant Reservations <= 2.6.29 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30861

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Five Star Restaurant Reservations – WordPress Booking Plugin

Researcher

Revan Arifio

More Details >

Fix Rss Feeds <= 3.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30556

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Fix Rss Feeds

Researcher

Nguyen Xuan Chien

More Details >

Flexible Cookies <= 1.1.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30805

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Flexible Cookies

Researcher

Skalucy

More Details >

Flipdish Ordering System <= 1.5.2 - Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30601

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Flipdish Ordering System

Researcher

Nabil Irawan

More Details >

Float menu <= 6.1.2 - Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30912

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Float menu – awesome floating side menu

Researcher

Khang Duong

More Details >

Generate Post Thumbnails <= 0.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30585

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Generate Post Thumbnails

Researcher

Nabil Irawan

More Details >

Gift Message for WooCommerce <= 1.7.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30923

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Gift Message for WooCommerce

Researcher

Kévin Mosbahi (Mika)

More Details >

GP Back To Top <= 3.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30521

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
GP Back To Top

Researcher

Skalucy

More Details >

Hacklog Remote Image Autosave <= 2.1.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30576

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Hacklog Remote Image Autosave

Researcher

Nabil Irawan

More Details >

Hesabfa Accounting <= 2.1.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30815

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Hesabfa Accounting

Researcher

Nabil Irawan

More Details >

Image Captcha <= 1.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30534

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Image Captcha

Researcher

Nabil Irawan

More Details >

Info Boxes Shortcode and Widget <= 1.15 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30541

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Info Boxes Shortcode and Widget

Researcher

Nabil Irawan

More Details >

Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.0.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30863

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms

Researcher

Nguyen Xuan Chien

More Details >

Just Writing Statistics <= 5.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30803

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Just Writing Statistics

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

King Addons for Elementor <= 24.12.58 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30926

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

KK I Like It <= 1.7.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31443

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
KK I Like It

Researcher

johska

More Details >

Login Alert <= 0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31459

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Login Alert

Researcher

Skalucy

More Details >

LWS SMS <= 2.4.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31457

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
LWS SMS

Researcher

Nguyen Xuan Chien

More Details >

Menu Duplicator <= 1.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30543

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Menu Duplicator

Researcher

Nabil Irawan

More Details >

Microblog Poster <= 2.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31435

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Microblog Poster – Auto Publish on Social Media

Researcher

Nguyen Xuan Chien

More Details >

NertWorks All in One Social Share Tools <= 1.26 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31447

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
NertWorks All in One Social Share Tools

Researcher

johska

More Details >

OSS Upload <= 4.8.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30598

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
OSS Upload

Researcher

Nabil Irawan

More Details >

Our Team Members <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30802

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Our Team Members – Team Members WordPress Plugin

Researcher

Nguyễn Trung Kiên

More Details >

Product Author for WooCommerce <= 1.0.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30872

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Product Author for WooCommerce

Researcher

Nguyen Xuan Chien

More Details >

publish post email notification <= 1.0.2.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30816

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
wordpress publish post email notification

Researcher

Nguyen Xuan Chien

More Details >

Quiz Cat <= 3.0.8 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30877

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Quiz Cat – WordPress Quiz Plugin

Researcher

Peter Thaleikis

More Details >

reCAPTCHA for all <= 2.22 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30862

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.

Researcher

Skalucy

More Details >

Rewrite <= 0.2.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30617

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Rewrite

Researcher

Nguyen Xuan Chien

More Details >

Serial Codes Generator and Validator with WooCommerce Support <= 2.7.7 - Cross-Site Request Forgery via [placeholder]

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30854

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Serial Codes Generator and Validator with WooCommerce Support

Researcher

Nguyen Xuan Chien

More Details >

Shipmondo – A complete shipping solution for WooCommerce <= 5.0.3 - Missing Authorization to Authenticated (Customer+) Information Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-27001

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Shipmondo – A complete shipping solution for WooCommerce

Researcher

Psai

More Details >

Simple Optimizer <= 1.2.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30538

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Simple Optimizer

Researcher

Nabil Irawan

More Details >

Simple Trackback Disabler <= 1.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31448

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Simple Trackback Disabler

Researcher

Nguyen Xuan Chien

More Details >

SimplyRETS Real Estate IDX <= 3.0.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31010

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
SimplyRETS Real Estate IDX

Researcher

Psai

More Details >

SoundCloud Ultimate <= 1.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30542

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
SoundCloud Ultimate Plugin

Researcher

Nabil Irawan

More Details >

sourceplay-navermap <= 0.0.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30605

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
sourceplay-navermap

Researcher

Nabil Irawan

More Details >

SpeakPipe <= 0.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30619

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
SpeakPipe – Voicemail for Websites

Researcher

Nguyen Xuan Chien

More Details >

Specific Content For Mobile <= 0.5.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30874

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Specific Content For Mobile – Customize the mobile version without redirections

Researcher

Peter Thaleikis

More Details >

Super Static Cache <= 3.3.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30568

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Super Static Cache

Researcher

Skalucy

More Details >

teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-1320

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
teachPress

Researcher

Krzysztof Zając

More Details >

Textmetrics <= 3.6.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30824

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Textmetrics

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Tickera <= 3.5.5.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30851

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Tickera – WordPress Event Ticketing

Researcher

Peter Thaleikis

More Details >

Traveler <= 3.1.8 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-26956

Patch Status
Unpatched

Published
Mar 27, 2025

Affected Software
Travel Booking WordPress Theme

Researcher

Rafie Muhammad

More Details >

Trust.Reviews <= 2.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30883

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Social Reviews & Recommendations

Researcher

Peter Thaleikis

More Details >

TWB Woocommerce Reviews <= 1.7.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30801

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
TWB Woocommerce Reviews

Researcher

Nguyen Xuan Chien

More Details >

Typekit plugin for WordPress <= 1.2.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30526

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
Typekit plugin for WordPress

Researcher

Nabil Irawan

More Details >

Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-2276

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Ultimate Dashboard – Custom WordPress Dashboard

Researcher

mikemyers

More Details >

Ultimate Security Checker <= 4.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31456

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
Ultimate Security Checker

Researcher

Nguyen Xuan Chien

More Details >

Usermaven <= 1.2.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31079

Patch Status
Patched

Published
Mar 28, 2025

Affected Software
Usermaven

Researcher

Skalucy

More Details >

ValidateCertify <= 1.6.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30811

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
ValidateCertify Free

Researcher

Skalucy

More Details >

Verge3D <= 4.8.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30833

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Verge3D Publishing and E-Commerce

Researcher

Nguyen Xuan Chien

More Details >

WordPres 同步微博 <= 1.1.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30555

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WordPres 同步微博

Researcher

Abdi Pranata

More Details >

WordPress Admin Bar Improved <= 3.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30552

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WordPress Admin Bar Improved

Researcher

johska

More Details >

WP Database Optimizer <= 1.2.1.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31474

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
WP Database Optimizer

Researcher

Nabil Irawan

More Details >

WP Docs <= 2.2.6 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31417

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
WP Docs

Researcher(s): Unknown

More Details >

WP ERP <= 1.13.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30896

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Researcher

theviper17y

More Details >

WP Fast Total Search <= 1.79.262 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30894

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP Fast Total Search – The Power of Indexed Search

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

WP Google Review Slider <= 16.0 - Cross-Site Request Forgery to SQL Injection

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30783

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
WP Google Review Slider

Researcher

astra.r3verii

More Details >

WP Ride Booking <= 2.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30531

Patch Status
Unpatched

Published
Mar 24, 2025

Affected Software
WP Ride Booking – Best Taxi Booking Solution for WordPress

Researcher

Nabil Irawan

More Details >

WP Supersized <= 3.1.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-31438

Patch Status
Unpatched

Published
Mar 28, 2025

Affected Software
WP Supersized

Researcher

Nguyen Xuan Chien

More Details >

wpShopGermany IT-RECHT KANZLEI <= 2.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30804

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
wpShopGermany IT-RECHT KANZLEI

Researcher

Skalucy

More Details >

Z Companion <= 1.0.13 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-30817

Patch Status
Patched

Published
Mar 27, 2025

Affected Software
Z Companion

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function

2.7

CVSS Rating
Low (2.7)

CVE-ID
CVE-2025-1911

Patch Status
Patched

Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite

Researcher

HayMiz

More Details >

Smush Image Compression and Optimization <= 3.17.0 - Authenticated (Admin+) Directory Traversal

2.7

CVSS Rating
Low (2.7)

CVE-ID
CVE-2025-22288

Patch Status
Patched

Published
Mar 29, 2025

Affected Software
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

Researcher

SteveSec

More Details >